These identification files can then be placed inside the attacker's browser to give them access to the accounts of the victims.

This kind of attack, that has been known for over a decade, and people connecting over open wireless networks are most exposed to it.

Microsoft is also considering implementing full-session HTTPS for Bing, which would allow users to encrypt their Web searches when connecting from unprotected networks.

"The security and privacy of our customers is very important to us at Bing. We are looking at SSL and other technologies for future releases of Bing," a Microsoft spokesperson told us.

Update November 5:This article originally stated that full-session HTTPS is availble on Hotmail, however, Microsoft has since contacted us to clarify that the implementation is not yet complete. Therefore, we have amended the article to reflect that the feature will be operational later this month.